Victor Ashik discovered a heap based buffer overflow in less, caused by a patch added to the less package in Red Hat Enterprise Linux 3. An attacker could construct a carefully crafted file that could cause less to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0086 to this issue. Info: https://rhn.redhat.com/errata/RHSA-2005-068.html This issue may be RHEL3 specific. Must be checked. ------- Additional Comments From marcdeslauriers 2005-02-10 19:09:27 ---- *** This bug has been marked as a duplicate of 2404 *** ------- Bug moved to this database by dkl 2005-03-30 18:31 ------- This bug previously known as bug 2426 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2426 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.